Re: ssh Problem using it for SFTP



I decided to put the two logs from `sshd -d' side-by-side to try to
figure out where the differences are. Both logs have the following
lines immediately after the connection request:

debug1: Client protocol version 2.0; client software version FTP-Voyager-15.2.0.15
debug1: no match: FTP-Voyager-15.2.0.15
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1

The working connection log has this line next:

debug1: SELinux support disabled [preauth]

Then the two logs continue with the same lines, although some of the
parameters may differ. I don't think they're important.

debug1: permanently_set_uid: 74/74 [preauth]

Now it gets interesting.

Working connection:

debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes192-cbc hmac-sha1 zlib@openssh.com [preauth]
debug1: kex: server->client aes192-cbc hmac-sha1 zlib@openssh.com [preauth]
debug1: expecting SSH2_MSG_KEXDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]

Then come lines indicating a successful sign-in, which I omitted.

Failing connection:

debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
no matching cipher found: client aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]

The rest of the lines show connection run-down, omitted.

The major difference that I see is that the connection that works has
the line `SELinux support disabled [preauth]', and the connection that
doesn't work does not have that line. What I know about SELinux is
that incorrect usage could have disastrous results, so I haven't done
anything with it. Do I need to change anything in my default Debian
installation? Suggestions welcome.
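
An added example, not part of the original post: a small Python check that parses the `no matching cipher found` line from the failing log and applies the SSH negotiation rule (the chosen cipher is the first name on the client's list that the server also offers). The function names are illustrative, and the second server list, with aes192-cbc appended, is constructed to mirror the cipher shown in the working log.

```python
import re

# Failure line copied from the failing sshd -d log in the post, on one line.
FAILED = ("no matching cipher found: client "
          "aes192-cbc,3des-cbc,blowfish-cbc,aes128-cbc,aes256-cbc,"
          "rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,"
          "rijndael-cbc@lysator.liu.se,des-cbc,des-cbc@ssh.com "
          "server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,"
          "aes256-gcm@openssh.com,chacha20-poly1305@openssh.com [preauth]")

NO_MATCH = re.compile(r"no matching (?P<kind>\w+) found: "
                      r"client (?P<client>\S+) server (?P<server>\S+)")


def parse_no_match(line):
    """Return (kind, client_list, server_list), or None for any other line."""
    m = NO_MATCH.search(line)
    if m is None:
        return None
    return m["kind"], m["client"].split(","), m["server"].split(",")


def negotiate(client, server):
    """RFC 4253 section 7.1: first client name that the server also lists."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def families(names):
    """Coarse grouping by mode suffix: cbc, ctr, otherwise aead.

    The fallback to aead holds for the names in this log (GCM, ChaCha20-Poly1305).
    """
    out = set()
    for name in names:
        base = name.split("@")[0]
        out.add("cbc" if base.endswith("-cbc") else
                "ctr" if base.endswith("-ctr") else "aead")
    return out


if __name__ == "__main__":
    kind, client, server = parse_no_match(FAILED)
    print(kind, "client offers:", sorted(families(client)))
    print(kind, "server offers:", sorted(families(server)))
    print("negotiated:", negotiate(client, server))
    # Constructed server list: the same six names plus aes192-cbc,
    # the cipher that appears in the working log's kex lines.
    print("negotiated:", negotiate(client, server + ["aes192-cbc"]))
```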